Besieged By Hackers, OpenX Will Close Open Ad Platform

OpenX, a digital and mobile ad company that has received more than $70 million in funding from several venture capital firms including Samsung Venture Investment Corporation, has decided to abandon OnRamp, its free, self-service ad platform, because it couldn't defend against hackers.

On Monday, the company said in a forum post that "OnRamp has been the subject of escalating hacker activity in recent months, culminating in a serious attack that occurred Saturday, February 9, 2013."

As a result of the attacks, the company suspended OnRamp, a service based on the company's open source ad-serving software, in order to conduct an investigation into the breach. The company said its paid services -- OpenX Enterprise and OpenX Market -- rely on a different code base and are unaffected. The company also said it could not predict when or whether it would restore OnRamp service.

On Tuesday, it became clear that OnRamp will not be revived. Characterizing the breach as "a serious malicious hacker intrusion," the company said in a follow-up forum post that the increased frequency of malicious hacking has made it virtually impossible to keep OnRamp secure "in an environment of increasingly sophisticated and powerful intrusions that exploit open source software."

Malicious advertising, or malvertising, is not a new phenomenon, but it doesn't typically result in complete surrender.

However, recent vulnerabilities in Java have helped hackers distribute malware through ad networks. Security firm Trusteer last month published a report detailing how a malvertising campaign distributed Blackhole exploits kits through ads carried on the Clicksor network.

"Using Clicksor as the malvertising platform allows hackers to reach a very wide audience, while allowing the hacker to distribute the malware at a very low cost (starting at $0.50 per 1,000 impressions)," Trusteer said in a blog post. "Clicksor (and other legitimate online advertising services) has no idea, of course, that these legitimate looking, paid advertisements contain malware."

Exploit kits like Blackhole are regularly updated to include code that exploits newly discovered vulnerabilities. As a consequence, Internet users with vulnerable browsers may see their systems compromised when visiting Web pages that display ads carrying these exploit kits.

Ashkan Soltani, an independent security researcher who previously served as staff technologist at the Federal Trade Commission, observed in an email that malvertising appeals to hackers because it's a far more efficient way to distribute malware than trying to hack websites on an individual basis. He likened it to "poisoning the reservoir."

Soltani also questioned the notion that the openness of OnRamp's service doomed it. "Google's ad platform is an 'open system' where anyone can submit ads but we don't see anywhere near the amount of abuse," he said.

OpenX declined to comment beyond the forum posts it published. The company plans to reactivate OnRamp next Tuesday to allow customers to access and export their data, but not to serve ads. On Friday, March 22, 2013, at 5:00 p.m. Pacific Time, OnRamp will be shut down permanently.

That is a shame that they got great financial backing and couldnGÇÖt find or create defense mechanisms to ward off hackers. It also appears that real companies that are utilizing these resources are going to have to now find alternatives to advertise with. Do they also have any particular individuals and or groups that are responsible?

We have platform which is built on openX source / install version, runs smoothly with free of any attacks or exploits. We can assist you in setting up adnetwork, send your queries to info@openxservices.com or visit our website at www.openxservices.com

Published: 2015-03-03Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.

Published: 2015-03-03** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none.

How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.